1. Field of the Invention
The present invention relates to the field of computer security systems. More particularly, the invention provides methods and devices for providing security to distributed computer systems.
2. Description of Related Art
Security frameworks have been developed to protect data transmitted in distributed computing systems. Existing security frameworks have an assortment of degrees of privacy, security, adaptability and scalability. The Kerberos system, for example, provides secure communications by users sharing a key with a third party. In order to conduct secure communications, each party connect to the third party and utilize the key issued by the third party. Among other disadvantages, the Kerberos system allows the third party to track the identities of users who are communicating with each. Furthermore, the third party has the ability to decrypt messages because the third party issues the keys. The Kerberos security model is fixed; that is, administrators have limited flexibility in deployment options.
Other existing security systems have merits and limitations. For example, security systems that utilize public key and private key infrastructures can include time-consuming and expensive encryption and decryption steps. Time consuming encryption and decryption steps can limit the scalability of a security system if they are performed too frequently. As well, PKI infrastructures often have revocation issues and many don't address the issue of management of multiple trust roots or cross-certification. Most solutions are designed for specific purposes, e.g., SSL or IPsec. Existing security systems have also generally focused on specific cryptographic technologies. For example, Kerberos uses symmetric keys and PKI uses public keys.
There exists a need in the art for a generic security framework, for use with distributed computing systems, that is security protocol independent and that can be scaled for use with wide area networks, such as the Internet, and that is independent of the underlying cryptographic mechanisms being used.